2024-04-02 18:50:50 UTC

A potential backdoor in xz Utils, an open-source compression utility, was recently discovered by a Microsoft engineer, just weeks before it would have been integrated into Debian and Red Hat Linux. The backdoor, found in versions 5.6.0 and 5.6.1, allowed attackers to manipulate sshd, enabling them to upload and execute malicious code on affected devices. While no code has been seen uploaded yet, the implications could be serious, including the theft of encryption keys and installation of malware.